How to find email headers

Discussion in 'General Information' started by Gentle Giant, Sep 23, 2008.

Thread Status:
Not open for further replies.
  1. Gentle Giant

    Gentle Giant Giant Admin for a Day Staff Member

    OK, we should have done this a long time ago but we didn't. So here it is. I will build it, or other admins will help build it.

    What is an email header?
    An email header provides all the information about an email you received. That includes really important things like where the email originated from. Don't write us asking us to arrest some scammer if you don't give us an email header. It can't be done.

    Why do you (AFI) want full email headers?
    An email header will show the originating ISP (i.e. where the email came from) and it also tells us the route that an email took from the scammer's computer to yours. We don't use all of that information but other people ;) around here do.


    An email header does not look like this:

    From: Mr. James Blaire <click.peter45@aliceadsl.fr>
    Subject: CONTACT FEDEX COURIER COMPANY
    Date: Friday, September 19, 2008,

    That does not tell us very much except the email account the scammer used to send the email and the name on the account. It also tells us the date he sent the email. That's about 20% useful information. In short, it really does not provide much that is useful.


    An email header is longer and looks something like this (this is a yahoo email header, an example):

    X-Apparently-To: [your_email@address.com] 203.216.249.210; Tue, 23 Sep 2008 13:16:00 +0900
    X-Originating-IP: [120.12.33.215] <----This is important
    Return-Path: <scammer@scam.com>
    Received-SPF: none ([120.12.33.215]: domain of [scammer@scam.com] does not designate permitted sender hosts)
    Authentication-Results: mta127.mail.tnz.address.com from=scam.com; domainkeys=neutral (no sig)
    Received: from 120.12.33.215 (EHLO 120.12.33.215) (120.12.33.215) by mta127.mail.tnz.address.com with SMTP; Tue, 23 Sep 2008 13:15:59 +0900
    Message-ID: <000501c91d33$051c2fb1$ece09ab2@cfgqvryg>
    From: "Yahoo boi" <scammer@scam.com>
    To: "Your name" <your_email@address.com>
    Subject: Hi! I'm a scammer and I want to steal your money
    Date: Tue, 23 Sep 2008 02:30:51 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;boundary="----=_NextPart_000_0002_01C91D33.0519E9D0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2720.3000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
    Content-Length: 1445


    Do you want the body text of the email?
    Yes. The header by itself tells us where the email came from but it doesn't tell us what the email says.


    How do I post a scam email at AFI?
    Copy and paste everything including the full email header. Please be sure that you remove your email address from the post. In the above example where your email is [your_email@address.com] you can post @address.com or [x@address.com]. That doesn't affect what we do one way or another but you do not want your email to become public. Especially here.


    Find them!
    Below we will post some servers and links to specific posts about how to find headers using those email servers. Click on the email service you use and we will try to walk you through some step-by-step instructions to find the email headers.

    (Note to admins, etc. Please activate the link in these servers as you post here. Thanks)

    AOL

    CompuServe

    Cox.net

    Excite

    Eudora

    Fastmail

    Gmail

    Hotmail

    Lycos

    Mail.com

    Macintosh OS X Mail

    MSN

    Netscape

    Orange Webmail UK

    Outlook

    Outlook Express

    Rediffmail

    Sify.com

    Squirrel Mail

    Thunderbird

    WebTV

    Windows Live Mail

    Yahoo (all language versions)
     
    Last edited by a moderator: Jun 7, 2009
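
The following is an added example, not part of the original thread or AFI's own tooling: Python that reads a raw message like the Yahoo sample in post #1, pulls out the X-Originating-IP and the Received route, and swaps your own address for x@address.com before you post it. The sample message and the function names `summarize` and `redact` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header quoted in post #1 (not a real message).
SAMPLE = """\
X-Apparently-To: your_email@address.com 203.216.249.210; Tue, 23 Sep 2008 13:16:00 +0900
X-Originating-IP: [120.12.33.215]
Return-Path: <scammer@scam.com>
Received: from 120.12.33.215 (EHLO 120.12.33.215) (120.12.33.215)
  by mta127.mail.tnz.address.com with SMTP; Tue, 23 Sep 2008 13:15:59 +0900
From: "Yahoo boi" <scammer@scam.com>
To: "Your name" <your_email@address.com>
Subject: Hi! I'm a scammer and I want to steal your money
Date: Tue, 23 Sep 2008 02:30:51 +0000

Body text of the scam goes here. Sent to your_email@address.com.
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def summarize(raw):
    """Extract the origin IP and the relay route from a raw message."""
    msg = message_from_string(raw)
    origin = IPV4.search(msg.get("X-Originating-IP", ""))
    # Each relay prepends its Received line, so reverse to read sender-first.
    # Folded (multi-line) headers are collapsed onto one line.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    return {
        "originating_ip": origin.group(0) if origin else None,
        "hops": hops,
        "from": parseaddr(msg.get("From", ""))[1],
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
    }

def redact(raw, my_address):
    """Replace your own address with x@<domain> everywhere (headers and body),
    keeping the domain as post #1 suggests."""
    local, _, domain = my_address.partition("@")
    pattern = re.compile(re.escape(local) + "@" + re.escape(domain), re.IGNORECASE)
    return pattern.sub("x@" + domain, raw)

if __name__ == "__main__":
    info = summarize(SAMPLE)
    print("Originating IP:", info["originating_ip"])
    for i, hop in enumerate(info["hops"], 1):
        print(f"Hop {i}: {hop}")
    print(redact(SAMPLE, "your_email@address.com"))
```
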
  2. Gentle Giant

    Gentle Giant Giant Admin for a Day Staff Member

    Hotmail

    This is what hotmail says. Half the people I talk to can't get headers from hotmail.

    (From Windows Live Hotmail Technical Support)

    1. Log in to your Windows Live Hotmail account.
    2. Right-click on the message in the Message list and choose "View source."

    Note: Please make sure that you are not right clicking on the message in the preview pane.

    If you are using the classic version of Windows Live Hotmail, this feature is not available. You might switch to the full version first. You can migrate from Windows Live Hotmail classic version to the full version in the following ways:

    1. Click the TODAY page. This will show you which version you are using. If you want to switch from the classic version to the full version, click Try the full version.

    2. On the MAIL tab, click Try the full version of Windows Live Hotmail in the lower-left section of the page.

    3. Click Options. Near the top of the page, click Try the full version.
     
  3. The Doctor

    The Doctor Administrator Staff Member

    Excite Webmail

    Excite has upgraded their software program and finding the full headers is now much easier.

    To find the full headers simply view the message and then click on "Full Header" in the upper right corner. This displays the full header info versus the "Brief Header" info. (And be sure to post it if you post a scam email. And do remove your own email from it).

    For more help see the excite webpage at http://www.excite.com/
     
  4. The Doctor

    The Doctor Administrator Staff Member

    Gmail

    This one is very easy now too. Once you sign in to your gmail account open the email that you want the headers for. On the right is a down arrow with several options, under the blue "Reply" arrow. Choose the one that says "Show original" then the full header and the email will open in a new tab (or window). Copy and paste the entire thing if you are posting a scam email. And do please remove your email address before you post it.
     
  5. Miyuki

    Miyuki Administratrix Staff Member

    Fastmail

    These are very easy. Open the email you want to check. On the far right at the top is a button "More" and when you click on it, at the bottom of the list under this is "Show Raw Message". You can then just copy and paste the header and the email. Please remove your own email address from anything you post.
     
  6. Kat

    Kat Administrator Staff Member

    CompuServe

    In the email, full headers now appear at the bottom of the email you received. Please remove your email before you post.

    For further help refer to the compuserve webpage at http://webcenters.netscape.compuserve.com/menu/
     
  7. De Master Yoda

    De Master Yoda Administrator Staff Member

    Yahoo.

    Yahoo Mail (Web Based)

    Click on the link under Subject to View the message. While viewing the message look at the bottom of the message on the right hand side and find the link that reads “Full Headers” and click on it. The header will be listed above the email.

    =======================

    Additional information:

    The latest versions of Yahoo Mail, using IE7 or higher, FireFox or Safari, have changed the header display mechanism. With the message open, click on the "Actions" button at the right side end of the tool-bar above the message. A drop down list will appear, with "Full Header" as the option second from the bottom. Clicking on "Full Header" will open a new window with the headers displayed, which can then be selected, copied and pasted into your reply along with the message text. Please remember to remove your own email address and any other personal information before you post.
     
    Last edited by a moderator: Nov 16, 2009
  8. Kat

    Kat Administrator Staff Member

    Netscape

    I haven't used it for a long time but this is supposed to be how it works now. In Messenger, the email reader supplied with Netscape communicator, this is what you have to do. If you're using Windows all you have to do is press Ctrl-U (meta-U in unix, ⌘-U on Macintosh). This will open up a new window with the full header. Then, like most other mail servers, just copy (Ctrl-A to highlight the text). Then hit Ctrl-C to copy the body and header text and then paste where you need to.
     
  9. Miyuki

    Miyuki Administratrix Staff Member

    Mail.com

    Mail.com includes all of their associate companies like accountant.com, etc.

    On the left side of the message you will see:
    To:
    CC:
    Subject:
    Date:

    Right underneath it says "Show full headers". Click that link then copy and paste everything from the top where it says "from" to the bottom of the mail.
     
  10. Kat

    Kat Administrator Staff Member

    WebTV

    This is kind of old and I don't know if anyone uses it anymore but several of my friends used to use it.

    If you open the email then click the "Forward" link on the sidebar. Erase the subject line and then you will need to forward the email to yourself. Move your cursor over the first line in the body of the email (the part with the text) and hit "enter" or "return" twice which should move the cursor down to the third line in the text.

    Next, type any "Alt" and any character on the third line but do NOT hit "enter" or "return". Then hit control-X and control-v (copy and paste) the "alt" into the subject line. The "alt" character you typed should move back down into the body text.

    Finally, hit "send" and you should be able to open the new email.

    Now, wasn't that easy? With an email like that you can see why people use yahoo or something.
     
  11. Dororo

    Dororo Administrator Staff Member

  12. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    Bigstring

    Both "old" and "new" bigstring are similar. The new version is much more powerful and anyone who hasn't upgraded should do so.

    To find headers, in either "quick view" or "full view" look for the small box labelled "HEADER" at the top right, just above the message text, in the title bar. Left click on it and the headers will display in the top of the message window, from where they can be selected, copied and pasted into your post, with any of your personal details such as email name erased.

    Bigstring has ceased all operations and is offline permanently.
     
    Last edited: Nov 3, 2014
  13. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    Windows Live Mail

    This is not the same as classic "hotmail" accessed via a browser.

    In any box or storage folder view, right click (if you are right handed, left if your mouse is configured for left hand use) on the subject of an email and in the menu which comes up click on the bottom option, properties. A new window will open up, with the subject of the email as the title. The left tab in the new window will have "General" information, the right tab is "Details". If you click on "Details" the full header is in view, and you can select all, copy and paste the header into your post, remembering to remove your personal information such as email name. At the bottom of the "Details" tab is a box labelled "Message Source", and clicking on this will reveal both the full header and the complete text or source HTML of the message, which can be copied and pasted. This can be important, as sometimes you may get a request from an Administrator, Moderator, Samurai or Ninja for the HTML source, as it may enable us to do more to track down the scammer or her/his web site. It is very useful in "Phishing" and "Identity Theft" scams.

    Windows Live Mail headers can be accessed through the "Menu Bar" from "File > Properties", or by pressing "Alt"+"Enter" with the message subject selected, as well as by mouse clicks.
     
  14. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    OutLook Express

    This is not the same as classic MS Office OutLook, "hotmail" accessed via a browser, or any other email system via browser. The method is identical to Windows Live Mail, in post #13, but is repeated here for completeness.

    In any box or storage folder view, right click (if you are right handed, left if your mouse is configured for left hand use) on the subject of an email and in the menu which comes up click on the bottom option, properties. A new window will open up, with the subject of the email as the title. The left tab in the new window will have "General" information, the right tab is "Details". If you click on "Details" the full header is in view, and you can select all, copy and paste the header into your post, remembering to remove your personal information such as email name. At the bottom of the "Details" tab is a box labelled "Message Source", and clicking on this will reveal both the full header and the complete text or source HTML of the message, which can be copied and pasted. This can be important, as sometimes you may get a request from an Administrator, Moderator, Samurai or Ninja for the HTML source, as it may enable us to do more to track down the scammer or her/his web site. It is very useful in "Phishing" and "Identity Theft" scams.

    OutLook Express headers can be accessed through the "Menu Bar" from "File > Properties", or by pressing "Alt"+"Enter" with the message subject selected, as well as by mouse clicks.
     
  15. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    Squirrel Mail Servers

    Many email services use the "Squirrel Mail" as their mail engine, rather than coding their own browser program or using OutLook Express or a similar method.

    When you have logged into the Squirrel Mail server you should see your folder list down the left hand side and the current folder contents index as the main part of the window. Click on the subject of the message required to open it in the current window. Above the message text the short header pane will appear. At the bottom of the header pane there should be "Options", and the "view Full Header" option if clicked should open the full header in place of the message text. This can be selected, copied and pasted into your post along with the message text, always remembering to remove any personal identification such as email account names.
     
  16. Spanish Administrator

    Spanish Administrator THE Spanish Administrator Staff Member

    A.o.l.

    Not like I know anything about AOL but the boss says this will make some sense. It seems like a lot of work to me.

    The email files are in an html format. The objective is to save the file in html format. This can be done as follows:
    * Open the email message you want to save, as if you were reading it
    * Move mouse cursor to the top tool bar, click on "File"
    * Move mouse cursor to "Save as..." and click.
    * Identify which directory you would like to save the file in. This is done using the normal save function of Windows. If you are not real comfortable with directories, save the file in "Desktop". This will have the file icon visible on your regular desktop screen and very easy to find later on.
    * Provide a name of the file in the "file name" box.
    * Select the "type" as "html" if possible. If your browser does not show "html" type, just select the type as "All Files" and add ".html" to the file name generated in step 6, such as email.html. The "dot" before the html extension is important. The objective of this step is to have the extension of the file as an "html" type file.
    * Press "Save".


    To forward the file to someone else (law enforcement, lawyer, ISP):
    * Move cursor to the top tool bar and click on "Write"
    * Insert the email address you want to forward the file to
    * Type any info in the body of the message, if needed
    * To add the html file you just generated in the above steps, click on "Attachments"
    * When the "Attachments Window" opens, click on "Attach"
    * Find the file in the directory window and highlight the file name. If you followed the "Desktop" instructions, the directory name is "c:\desktop". If there are too many files that appear, type "*.html" in the file name. The use of the asterisk (also called a star by some) lists all files that are html.
    * Click on "open"
    * Click on "OK"
    * Click on "Send now"
    * The message and attached file have now been sent.
     
  17. Kat

    Kat Administrator Staff Member

    Macintosh OS X Mail

    It's easy. From the mail menu select "preferences" and then select "viewing". In viewing under "show header detail" select "all".
     
  18. Kat

    Kat Administrator Staff Member

    Lycos

    Click on a message, then go to the tool bar menu item above the message. Check "All Headers" then highlight and copy and paste the email into a new message.
     
  19. Miyuki

    Miyuki Administratrix Staff Member

    Rediffmail

    In the mailbox, on the right above the mail it says "show headers". Click that and a box with the header will open. If it is a spam mail it may say "No headers found for this email".
     
  20. Miyuki

    Miyuki Administratrix Staff Member

    Sify.com

    This is easy because it is the same as gmail now. Sify uses the gmail template. Once you sign in to your gmail account open the email that you want the headers for. On the right is a down arrow with several options, under the blue "Reply" arrow. Choose the one that says "Show original" then the full header and the email will open in a new tab (or window). Copy and paste the entire thing if you are posting a scam email. And do please remove your email address before you post it.
     